Paul Wilders
April 11th, 2002, 07:04 AM
Title 11/4/2002
GMX.net Contains a Cross Site Scripting Vulnerability (overture)
Summary
GMX.net is one of the best-known and largest German free e-mail providers and is supposed to also provide its services to several other countries. In the web search function exists a flaw that allows Cross Site Scripting.
Details
The "Websearch" of gmx.net does not check for any hostile input. Allowing attackers to insert arbitrary HTML and JavaScript into existing web pages.
source: securiteam.com
GMX.net Contains a Cross Site Scripting Vulnerability (overture)
Summary
GMX.net is one of the best-known and largest German free e-mail providers and is supposed to also provide its services to several other countries. In the web search function exists a flaw that allows Cross Site Scripting.
Details
The "Websearch" of gmx.net does not check for any hostile input. Allowing attackers to insert arbitrary HTML and JavaScript into existing web pages.
source: securiteam.com